Back to skill

Security audit

Product Icon Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid remote icon generator; its trigger wording is broad, but the artifacts do not show hidden, destructive, or data-stealing behavior.

Install this only if you intend to use AgentPMT for paid remote PNG icon or sprite generation. Be aware that some broad trigger words may make agents select it too readily, so confirm before sending proprietary design instructions or spending credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises broad activation terms such as generic creation and rendering phrases, which can cause unintentional invocation for ordinary user requests unrelated to this specific paid remote tool. Because the skill performs remote calls and file creation, overbroad triggering increases the chance of unnecessary external data transmission, cost incurrence, and workflow hijacking away from more appropriate local or safer tools.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest description uses expansive invocation language covering many common graphics tasks, which may make an orchestrator select this skill too often. In a tool that sends content to a third-party service and charges credits, ambiguous routing increases the risk of unintended data disclosure, cost, and execution of external actions without a sufficiently specific user request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.